Global Data & Privacy Update - 12 February 2015

Author:Ms Margaret Tofalides
Profession:Clyde & Co

Landmark ruling against GCHQ

Last week the Investigatory Powers Tribunal ruled that The Government Communications Headquarters (GCHQ), the British intelligence agency had collected intelligence illegally up until December 2014. This decision is the first time in its 15 year history that the Tribunal, with sole jurisdiction over GCHQ, MI5 and MI6, has ruled against the intelligence and security services. The Tribunal also declared that intelligence sharing between the UK and the US was unlawful before December 2014, as the rules governing the relationship were kept secret.

Google's Advisory Council publishes findings

Following the public meetings conducted last year across Europe on how to implement the "Right to be Forgotten", Google's Advisory Council published its findings last week. Contrary to many EU regulators and the Article 29 Working Party, Google's advisers concluded that it is in the best interests of the public to focus any de-listings on local European versions of the search engine and not extend it to the .com domain.

Germany approves collective action in data protection bill

The German federal cabinet has approved a draft bill to improve the enforcement of consumers' data protection rights. The draft bill establishes collective action to be brought by consumer organisations. It will then be introduced to help consumers not only identify data protection violations but also reduce the cost and effort for each individual in pursuing such violations. The proposal will next be discussed in Germany's legislature.

Russia brings forward data processing restrictions

The implementation of proposed changes to the Russian data protection law has been brought forward by a year, and will now be effective from 1 September 2015. Amongst other things, the proposed changes restrict the processing of personal data on servers located outside of Russia. Companies that process personal data in Russia as either a data controller or a processor must ensure that such data relating to Russian citizens is stored on servers in the Russian Federation.

Anthem's massive cybersecurity breach


To continue reading